fixup! feat: sign pulumi binaries with cosign

pulumi · Dec 13, 2022 · ed16cbe · ed16cbe
1 parent ed22426
commit ed16cbe
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/.github/workflows/ci-prepare-release.yml b/.github/workflows/ci-prepare-release.yml
@@ -88,7 +88,7 @@ jobs:
           mv ./artifacts.tmp/artifacts-*/* ./artifacts
 
       - name: Create sums.tmp
-        run: mkdir -p ./sums.tmp
+        run: mkdir -p ./sums.tmp ./sigs.tmp
 
         # Each of these commands strips the ./ prefix to match existing (<=3.39) formatting.
       - name: Checksums with SHA256
@@ -117,18 +117,21 @@ jobs:
             for file in ./*; do
                 echo "$file"
                 COSIGN_EXPERIMENTAL=1 cosign sign-blob \
-                  --bundle="../sums.tmp/${file}".sig  \
+                  --bundle="../sigs.tmp/${file}".sig  \
                   "${file}"
             done
             popd
           done
 
+          # flatten to a single directory to upload:
+          mv sums.tmp/* sigs.tmp
+
       - uses: actions/upload-artifact@v2
         with:
           name: artifacts-signatures
           retention-days: 1
           path: |
-            sums.tmp/*
+            sigs.tmp/*
           if-no-files-found: error
 
   publish: